Annex A (Application Note A)
Part of TR-RESISCAN containing risk analysis results. Includes detailed threat and risk assessments for substitute scanning along with recommendations for countermeasures.
TR-RESISCAN Glossary
All key terms related to BSI TR-03138 and substitute scanning explained clearly.
No entries found. Try a different search term.
A
Annex F (Application Note F)
FAQ document for TR-RESISCAN with frequently asked questions and answers. Provides practical guidance for implementing the technical directive.
Annex P (Test Specification)
Normative TR-RESISCAN document containing test requirements for conformity certificates. Defines test criteria and procedures for certification.
Annex R (Application Note R)
Legal application note for TR-RESISCAN. Contains non-normative legal guidance and classifications for various application areas.
Annex V (Application Note V)
Template process documentation for TR-RESISCAN. Provides templates and examples for practical implementation of documentation requirements.
AO (German Fiscal Code)
Central law of German tax legislation establishing procedural rules for taxation. Sections 146–147 AO regulate retention obligations for tax-relevant documents (6 or 10 years) and requirements for their digital storage.
Audit Trail
Complete logging of all actions in the scanning process. Essential in the TR-RESISCAN context for traceability and evidential value of digitised documents.
Authenticity
The property of a document whose genuineness and origin can be proven beyond doubt. A central requirement for substitute-scanned documents for their legal recognition.
B
BDSG (German Federal Data Protection Act)
German federal data protection law supplementing the GDPR at national level. Regulates the appointment of data protection officers, employee data protection and penalty provisions. Relevant for processing personal data in document management systems.
BSI (Federal Office for Information Security)
German federal authority responsible for IT security that publishes TR-RESISCAN (TR-03138). The BSI also certifies scanning processes according to this directive.
Learn more about Docuflair TR-RESISCANBSI IT Baseline Protection
Methodology developed by BSI for implementing IT security measures. Provides standardised security requirements and measure catalogues for IT systems. Compliance with IT Baseline Protection supports TR-RESISCAN conformity and can serve as a basis for ISO 27001 certification.
C
Certification
Official confirmation of conformity with TR-RESISCAN by the BSI or accredited testing bodies. Proves that a scanning process meets all requirements of the technical directive.
Conformity Certificate
Documented proof that a scanning process meets TR-RESISCAN requirements. Can be obtained through BSI certification or self-declaration by the service provider.
Confidentiality
Protection against unauthorised access to documents. In the TR-RESISCAN protection requirements context, a central dimension alongside integrity and availability.
Critical Infrastructure (KRITIS)
Organisations from sectors such as energy, healthcare, or finance for which special requirements for document security and availability apply.
D
Destruction Log
Documentation of the proper destruction of paper originals after substitute scanning. Contains information on timing, method of destruction, destroyed documents and responsible person. Mandatory component of a TR-RESISCAN-compliant scanning process for providing evidence.
More about Docuflair TR-RESISCANDOMEA
Document Management and Electronic Archiving in IT-Supported Business Processes. Organisational concept of the German federal administration for electronic file management that should be compatible with TR-RESISCAN.
Dual Control Principle (Four-Eyes Principle)
Organisational measure where critical process steps are controlled by two people. Recommended in TR-RESISCAN for quality assurance and approvals.
E
E-Government Act (EGovG)
German federal law promoting electronic administration. Section 7 EGovG references TR-RESISCAN as the state of the art for substitute scanning in government agencies.
E-Justice
Electronic legal transactions with courts. The German Code of Civil Procedure (Section 371b) permits the submission of substitute-scanned documents as evidence in consideration of TR-RESISCAN.
eIDAS (Electronic Identification and Trust Services)
EU regulation on electronic identification and trust services (No. 910/2014). Defines three levels of electronic signatures (simple, advanced, qualified), electronic seals and timestamps. Forms the legal framework for digital signatures in the European single market.
Evidential Value
The degree of evidentiary force that a digitised document has in legal transactions. TR-RESISCAN defines measures for maintaining and proving evidential value.
Evidentiary Force
The legal persuasiveness of a document in court proceedings. Substitute-scanned documents must achieve evidentiary force comparable to the paper original.
F
Four-Eyes Principle
G
GdPDU
Principles for Data Access and Verifiability of Digital Documents. German tax law regulations to be observed for digital archiving of business documents - supplementary to TR-RESISCAN.
GoBD
Principles for Proper Management and Storage of Books, Records, and Documents in Electronic Form. Administrative regulation of the German Federal Ministry of Finance that, together with TR-RESISCAN, defines tax law requirements for digitised receipts.
H
HGB (German Commercial Code)
German commercial code with provisions for commercial bookkeeping and retention. Section 257 HGB defines retention periods for commercial books (10 years), inventories and annual financial statements (10 years) and received commercial correspondence (6 years). Relevant for audit-proof archiving.
I
IFG (Freedom of Information Act)
German federal law granting everyone the right to access official information from federal authorities. Frequently requires redaction of personal data and trade secrets before releasing documents.
More about Docuflair RedactIntegrity
The intactness and completeness of a document. TR-RESISCAN requires technical measures (e.g., hash values, digital signatures) to verifiably ensure the integrity of scanned documents.
ISMS (Information Security Management System)
Management system for information security. An ISMS according to ISO 27001 or BSI IT-Grundschutz supports compliance with TR-RESISCAN security requirements.
K
KRITIS
M
Media Discontinuity
The transition from one information medium to another, e.g., from paper to digital. TR-RESISCAN defines requirements for maintaining evidential value during media discontinuity.
P
PDF/A
ISO-standardised PDF format for long-term archiving. In the TR-RESISCAN context, the recommended target format for substitute-scanned documents as it ensures self-description and long-term readability.
Learn more about Docuflair NormalizeProcess Documentation
Comprehensive documentation of the scanning process according to TR-RESISCAN. Includes scanning concept, process instructions, protocols, and quality certificates.
Proper Order (Ordnungsmäßigkeit)
The property of a scanning process meeting all legal, technical, and organisational requirements. TR-RESISCAN serves as a framework for proving proper order.
Protection Requirements Assessment
Systematic determination of protection needs for documents and scanning processes. Determines required security measures based on confidentiality, integrity, and availability.
Q
Quality Assurance
Measures to ensure scanning quality according to TR-RESISCAN. Includes visual inspections, automatic image enhancement, completeness checks, and legibility controls.
R
RESISCAN
Abbreviation for "REchtssicheres erSetzendes Scannen" (Legally Compliant Substitute Scanning). Designation of BSI Technical Directive TR-03138 and synonymous with the compliant scanning process.
Retention Period
Legally mandated timeframe for which documents must be retained. In Germany, typical periods are 6 years for business correspondence (Section 257 HGB) and 10 years for accounting documents and annual financial statements (Section 147 AO). After expiry, documents can be destroyed in compliance with data protection regulations.
Revision Security (Audit-Proof Archiving)
Property of an archive system that protects stored information from subsequent modification. Essential for TR-RESISCAN to permanently preserve the evidential value of scanned documents.
Learn more about Docuflair ArchiveRisk Analysis
Assessment of possible threats and their impacts on the scanning process. Annex A of TR-RESISCAN contains a structured risk analysis as the basis for protective measures.
S
Scan Service Provider
Company providing scanning services for third parties. Can become certified according to TR-RESISCAN or issue a self-declaration of conformity.
Scanning Concept
Central planning document according to TR-RESISCAN. Describes organisational framework conditions, responsibilities, processes, and technical components of the scanning system.
Section 203 StGB (Professional Secrecy)
Section of the German Criminal Code protecting professional secrecy of doctors, lawyers, tax advisors and other confidentiality-bound professionals. Relevant for redaction and protection of confidential data in document processing.
More about Docuflair RedactSelf-Declaration
Alternative to BSI certification: The scan service provider or organisation declares conformity with TR-RESISCAN under their own responsibility. Often sufficient for tenders.
State of the Art
Legal term for recognised technical standards. TR-RESISCAN is considered state of the art for substitute scanning according to the E-Government Act and other legal provisions.
Substitute Scanning
Legally compliant digitisation of paper documents with the goal of being able to destroy the originals afterwards. TR-RESISCAN defines the technical and organisational requirements to match the evidential value of the scan to that of the original.
Learn more about Docuflair TR-RESISCANT
TR-03138
Official designation of the BSI Technical Directive for substitute scanning (RESISCAN). The current version defines requirements for processes, technology, and organisation for legally compliant digitisation.
Learn more about Docuflair TR-RESISCANTR-RESISCAN
BSI Technical Directive for substitute scanning. Defines security-relevant technical and organisational measures for scanning processes where the paper original is to be destroyed after digitisation.
Learn more about Docuflair TR-RESISCANTransfer Note (Transfervermerk)
Documentation of the digitisation process and all subsequent processing steps. The transfer note is a central element for traceability and evidential value of the scan.
V
Verification Documentation
Comprehensive description of all procedures, responsibilities, and controls in the scanning process. Mandatory component for TR-RESISCAN conformity and basis for audits.
Availability
The property that documents are accessible when needed. TR-RESISCAN requires measures for permanent availability of substitute-scanned documents.
Additional Resources
Deepen your knowledge about substitute scanning
Scan with TR-RESISCAN Compliance
See how Docuflair helps you meet BSI TR-03138 requirements.